Security Awareness Training Policy
1.0 Overview
Security awareness training is the process of educating employees on the risks and best practices of cybersecurity. It aims to equip them with the knowledge and skills to protect themselves and the organization from cyber threats. Security awareness training is not a one-time event but an ongoing process that requires continuous reinforcement and adaptation.
2.0 Purpose
The purpose of this policy is to establish the requirements and responsibilities for security awareness training for all employees of our company.
3.0 Scope
This policy applies to all Encore and Zii travel employees who access our company’s information systems or handle our company’s data.
4.0 Policy
Security awareness training is mandatory for all employees and must be completed within 30 days of joining the company and annually thereafter.
The training will cover topics such as:
- The importance of security and privacy for our company and our customers.
- The common types of cyber threats and how to prevent them.
- The best practices for password management, email security, web browsing, social media use, mobile device security, remote work security, etc.
- The procedures for reporting security incidents or suspicious activities.
- The roles and responsibilities of employees in complying with our company’s security policies and standards.
The training will be delivered online through the KnowBe4 platform that tracks completion and test scores. Employees who fail to complete the training or score below 80% on the test will be required to retake the training until they pass.
In addition to the initial training, employees will receive a follow-up refresher 6 months after completing the main training exercise. They will also be subjected to periodic phishing tests that simulate real-world attacks. Employees who fail a phishing test will be enrolled in a remedial training campaign that focuses on phishing awareness and prevention. To minimize the security risk to the company, accounts of employees who fail to complete their remedial training before the due date may be locked and/or disabled.
5.0 Policy Compliance
5.1 Compliance Measurement
The Security Compliance Manager will assess compliance with this policy through various methods, including conducting regular phishing tests (as outlined in Section 4.0 of this policy), risk assessments, annual employee training and policy attestation, internal and external audits, and feedback to the policy owner.
5.2 Exceptions
Any exceptions to this policy must be approved in advance by IT Management.
5.3 Non-Compliance
Employees found to have violated this policy may face disciplinary action, including, but not limited to, termination of employment.
All rights reserved to Voyages Encore Travel Inc. | Confidential Document | Agency purposes ONLY